What would it mean in the projection booth? DCI hardware, software and firmware requirements are pretty redundant and keep many secrets deep in their mechanisms. The biggest trick would be to get enough data from one trusted device and be able to carry it to a different machine in such a way that it becomes a trusted device.
The way they talk about this USB incursion doesn’t seem to lend that capability any more than if a knowledgable manufacturer tried to do that in their own offices. That route hasn’t been done or, if done, exploited. The proof would be duplicated uncompressed movies with no forensic marking – which hasn’t happened.
But giving away copyrighted materials isn’t the only bad thing that could happen to a network with a projector on it. As the US Defense Department learned, an entire network can be infiltrated from one USB incursion.
All the more reason for firm policies/inspections/reports of locked doors and no even authorized persons allowed to roam around the facility.